INFSA-2025:8432: perl-CPAN security update

Information about definition

Identificator: INFSA-2025:8432

Type: security

Release date: 2025-07-07 11:22:46 UTC

Information about package

The CPAN module is a tool to query, download and build perl modules from CPAN sites.

Vulnerabilities description

  • CVE-2020-16156

    A flaw was found in the way the perl-CPAN performed verification of package signatures stored in CHECKSUMS files. A malicious or compromised CPAN server used by a user, or a man-in-the-middle attacker, could use this flaw to bypass signature verification.

Severity level

CVE Score CVSS 2.0 Score CVSS 3.x Score CVSS 4.0
no information 7.8 no information
Critical, important, moderate, low

Updated packages